If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

So why am I using Facebook at all? Especially since they seem to like handing out your private data to anyone? Well, laziness.

For for a multiplayer game (such as it is) hardening is important and is quite a burden to a tiny dev. A lazy tiny dev like me.

By tying the logon to something external I save myself a lot of responsibility.

For example, I don't have to do the following things:

Monitor accounts created by IP address and limit how many per hour (to stop account creation attacks) (good thing I don't have to do this, because Unity's websocket implementation doesn't even support getting the IP for some reason)

Do IP lookups and stop new accounts from known vpns (again, to stop account creation attacks)

Ask if the users are 13+ for COPPA reasons (FB accounts are assumed to be 13+)

Keep a database of places where people can get unlimited email addresses easily and blacklist them to help with account creation attacks

Require the users email and password

Insure user passwords are reasonable (ie, not 1234 etc)

Insure user passwords are properly securely stored and in an encrypted format. This is important because if I got hacked and users use the same password at multiple sites, it could cause them to lose a lot more than progress in my dumb game. By using an external system I avoid this possibility.

Deal with things like user's that need to change email addresses and passwords (although if someone lost their FB account.. uhh.. well, not much I could do. I don't even know the user's email address so that couldn't be used to verify the owner)

The FB part isn't important, I'd like to support the same thing by using other third party login systems like Twitter and OpenID (what else would be good?) but I haven't gotten around to figuring out how those work. There is also the issue of wanting to allow logins via native iOS/Android apps (non-web) which FB supports with its own plugins but I don't know if the others support this.

The good news is if my servers got hacked, you don't have to worry about any private data such as email or passwords being made available as I don't have any stored. The bad news is that even the minimum FB permissions I request contain your real name, which is private info you shouldn't gave to share with me. (I don't need it or use it)

Unfortunately FB has sort of completely forgotten about the "Anonymous facebook login" system they promised years back. It wouldn't help FB to stop stealing your data in other ways, but at least you wouldn't be giving ANY data (like name) to app-devs like me.

To those not comfortable using Facebook to login: I totally respect and understand this. I've added a "Play as a guest" option so the game can sort of be experienced without any login required.

Special thanks to Akiko for blendering up some 3d models and making the title screen for me.

I understand you want to import your login system from social media, but Facebook really isn't the best option. Especially after what happened with Cambridge Analytica, I'd steer far away from them solely because of permanent data collection. Twitter wouldn't be that bad, though.

Is this just a temporary game that you're messing around with or is this a game that you think will be here to stay for years to come?

Eh, this gamelet is probably more on the temporary side. Its job is to test modules I wrote. (mysql & login types) If for example, I want to see how a "twitter logon" works, this would be a perfect place to try it so I can figure out if it's going to work before basing a big game on it.

Originally Posted by CernodileHD

I understand you want to import your login system from social media, but Facebook really isn't the best option. Especially after what happened with Cambridge Analytica, I'd steer far away from them solely because of permanent data collection. Twitter wouldn't be that bad, though.

Yeah, wish I knew about that before I added the FB support, I wouldn't have bothered...

I understand you want to import your login system from social media, but Facebook really isn't the best option. Especially after what happened with Cambridge Analytica, I'd steer far away from them solely because of permanent data collection. Twitter wouldn't be that bad, though.

Gotta say it's not bad, but I definitely agree with what he's saying..

Guest mode doesn't have problems for me, and it's pretty decent. A bit laggy on mobile (samsung galaxy 2 tablet with Puffin) but works for me. Also that #1 guy on the leaderboards plays this way too much.

- - - Updated - - -

Originally Posted by GEN

rip

I need to try this

retardedzlockgaming on the Growtopia Forums. But this place is very tame,
and not as chaotic, so I'll hang here too.